My paranoid concern is that I’m going to buy these $2 ESP32 boards from some unknowable Chinese company, and how could I know if there’s an extra, malicious supervisor element added. So, my ESP32 devices live in the ‘untrusted’ VLAN. They could, theoretically, discover each other and send their sensor data to some nefarious broker, but they don’t have microphones or cameras. I don’t even see how they could get enough information to discover my physical address, without cooperation from my ISP.
The only one I know about is https://socprime.com/blog/cve-2025-27840-vulnerability-in-esp32-bluetooth-chips/ which is a Bluetooth thing, presumably meaning that you’d have to be in Bluetooth range to exploit it.